Bug#738554: libbluray-bdj security issues
Christoph Anton Mitterer
calestyo at scientia.net
Mon Feb 10 16:07:01 UTC 2014
Package: libbluray-bdj
Version: 1:0.5.0-2
Severity: normal
Hi.
AFAIU, BD-J allows BluRays to run some Java code for an "extended experience"...
Now even if that was sandboxed... we all know how problematic this is with respect
to security and that Java has a really bad record in terms of that.
In the end this probably means, that if installed, more or less arbitrary code
from BluRays (especially video BluRays) may be executed.
I think that at least the package description should clearly warn the user about
that, since many people may not fully realise what BD-J means.
And IMHO it would be even better, if libbluray-bdj was "disabled" by default,
even when installed... like that any function of it simply returns an error,
or that it's not loaded by libbluray unless some configuration file enables it
explicitly.
Cheers,
Chris.